The Article 29 Working Party, comprising data protection authorities from each of the EU Member States and the European Data Protection Supervisor, has reiterated concerns about aspects of Passenger Name Record (PNR) agreements between the EU and the US, Canada and Australia. Under the agreements, airlines must allow authorities in the US, Canada and Australia to review data on passengers traveling from the EU to those countries to combat terrorism and other crimes.
The Working Party’s views are contained in a letter to Home Affairs Commissioner Cecilia Malmström that was prepared in anticipation of negotiations on new PNR agreements and that was released last week.
With respect to the US, the Working Party is concerned about the ability of US authorities to directly access EU PNR data from terminals in the US. The Working Party believes that this could enable US authorities to review data on flights not covered by the agreement, such as those within the EU. While a filtering mechanism was apparently put in place in November, the Working Party “considers it fundamental that any future agreements provide for data to be pushed to the US authorities, with no possibility for US officials to separately access the data.”
More broadly, the Article 29 Working Party calls for all PNR agreements to demonstrate the necessity of using PNR data, to include all relevant provisions (eliminating the need for side letters and similar documents), and to prohibit authorities from circumventing the agreements by directly approaching computer reservation service providers.